Factory73 Ltd

Umbraco CMS Deployment and Development

The delivery of modern, responsive websites underpinned by the powerful and flexible Umbraco content management system (CMS). This CMS enables rapid content generation, is scalable and is always focused on the end user and content manager to provide the best possible viewing and editing experience.

Features

• User-centred strategy on design
• Customer-friendly, attractive and easy to use
• Supports book/apply/pay functionality
• Solution fully conforms to W3C Web Accessibility guidelines
• Popular WYSIWYG that's easy to navigate and intuitive admin area
• Fully responsive designs that display across all screen sizes
• Follows Government Digital Service design principles

Benefits

• Content can be easily uploaded and updated
• Supports self-service and integrates with our other digital solutions
• Level AA Conformance to Web Content Accessibility Guidelines 2.0
• Helps join up systems across organisation
• Customer and user experience enhanced considerably
• No CMS licence fees
• Highly secure CMS

£7,500 an instance

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@factory73.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

760736564628900

Contact

Graeme McClurkin
0141 416 0733
business@factory73.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Microsoft .NET Core hosting (can be supplied)
  • Microsoft SQL Server (can be supplied)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Issue support (all classifications) within UK Office hours (9am-5:30pm); Critical Issue support out-with UK Office hours; ; Response times dependent on SLA but can range from 30 minutes response for critical issues, 2 hours for major issues, 8 hours for normal issues and 2 working days for minor issues.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Critical: 30 mins response / 2 hours resolution; Major: 2 hours response / 6 hours resolution; Normal: 8 hours / Fixed on next deployment; Minor: 2 working days / Fixed on next deployment; ; Support costs range from £200 a month to £2000 a month, depending on client requirements.; ; We can provide a technical account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide online training, alongside the provision of downloadable user manuals.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customers are provided, free of charge, with backups of all databases at the end of contract.
• End-of-contract process: We will provide backups of website/application databases, media assets (all uploaded images and files) and, depending on nature of the contract either compiled code or source code. This will be provided free-of-charge.; ; We can also provide handover documentation, training and assistance in transfer to another supplier, however this will be chargeable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Generally, there are no differences between the services as we follow best practice in responsive design.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Umbraco is an open source CMS and can be customised and augmented with additional functionality. ; ; The front-end can be customised with any advanced digital functionality required by the customer.; ; The Umbraco back-office admin area can be customised with tools and features to aid staff in maintaining their website.; ; Customisations are typically made by Umbraco-trained web developers.

Scaling

• Independence of resources: Cloud services are dedicated to the customer's project, and are scaled to include adequate headroom. Alerts are configured to monitor resources utilised to the service can be scaled up pro-actively if required. High-availability load-balanced environments can be provided.

Analytics

• Service usage metrics: Yes
• Metrics types: Google Analytics website usage metrics. ; Cloudflare Analytics website traffic metrics.; Support service usage / ticket reports.; Other bespoke reports based on website functionality.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data (user-submitted data) can be exported through the Umbraco admin area.; ; Website content can be exported via a support ticket.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee 99.95% availability of any supported website across any rolling 30 day period (not including planned maintenance). Customers are given support credit or discount should this not be met. Higher availability SLAs can be provided depending on the specific project.
• Approach to resilience: We use Microsoft Cloud services for all our hosting, on premium service tiers which back the 99.95% availability SLA. Higher availability environments will be load-balanced across multiple hosting instances according to the cloud provider's best-practice.
• Outage reporting: Our monitoring application sends email and mobile app alerts to key support staff.; This application can be accessed over the web for dashboard and reporting.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: By user login with MFA enabled where possible.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: We have a set of in-house InfoSec policies to be followed by staff across all processes. These are reviewed annually with refresher training for staff awareness.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All components of the application are tracked via source control. All changes are logged via tickets and are reviewed by Senior staff before development. All changes are tested thoroughly for functionality and security impact before release, with a detailed deployment log listing all changes made in any deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We follow OWASP guidelines for all our development work, and staff are trained in threat awareness and best practice in writing secure code. We are notified about patches via email as they are released, and deploy these as priority through support desk.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use Cloudflare to protect against malicious activity from bot networks, which reports on automated activity across our applications. Access to the application is well protected with both MFA and username and password required, and failed login protection, making brute-force very difficult. Any compromise would be detected in log audit, content change, or reported by the customer or end users. We would respond to any suspected compromise through liaison with our CREST accredited security partner, following ICO guidelines.
• Incident management type: Supplier-defined controls
• Incident management approach: We have standard support processes for tickets of all severities. ; Customers can report incidents via our ticketing system, or in the case of Major incidents by phone call. Critical or Code-Red incidents follow a specific processed detailed in our Critical Incident Policy. Incident updates, and in the case of critical incidents Root Cause Analysis, are provided on our ticketing system.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Wellbeing

  Tackling economic inequality

  We recognise the critical role digital technology plays in tackling economic inequality. Although we have not previously engaged directly in projects labelled under economic inequality, our Umbraco deployment and development services are ideally positioned to support initiatives aimed at reducing economic disparities. Our solution facilitates the creation of digital platforms that can provide educational resources, job training programs, and financial literacy tools, all of which are accessible to a broad audience.; ; Our technology enables organisations to reach underserved and economically disadvantaged communities by providing them with crucial information and services online. This includes access to government assistance programs, microfinancing opportunities, and community development projects, which are vital tools for economic empowerment.; ; By ensuring that our digital solutions are accessible on various devices and adapting to low-bandwidth environments, we help bridge the digital divide, making it possible for individuals from all economic backgrounds to access important resources. Our commitment to inclusive design and usability ensures that these platforms are user-friendly, thereby enhancing the likelihood of their adoption and impact.; ; Through these contributions, Factory73 aims to support public sector organisations in their efforts to deliver services that promote economic equality and uplift individuals from economically disadvantaged backgrounds.

  Wellbeing

  Our Umbraco deployment and development service is particularly adept at supporting projects that directly enhance community health and personal wellbeing. Our platform has been leveraged by several health organisations to create accessible, informative, and interactive health-related websites. These platforms often serve as critical resources for public health information, mental health support tools, and community engagement initiatives.; ; Our solution supports the delivery of tailored user experiences that make it easier for individuals to access health services, understand medical conditions, and engage in community wellness programs. This capability not only enhances the efficiency of health service delivery but significantly contributes to the overall wellbeing of users by providing them with the resources they need to make informed health decisions and access support easily and effectively.; ; We are committed to ensuring that our deployments in the health and wellbeing sectors are designed with user-centric principles, promoting ease of use, accessibility, and reliability. By doing so, we enhance the ability of health organisations to deliver on their mission to improve public health and individual wellbeing, aligning closely with the government’s objectives under the Social Value theme of 'Wellbeing'

Pricing

• Price: £7,500 an instance
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@factory73.com. Tell them what format you need. It will help if you say what assistive technology you use.